1. Field
The present invention relates to an authentication method and apparatus. In particular, the present invention relates to a method and apparatus for identity authentication in a network.
2. Description of the Related Art
In current web communities, games, electronic commerce, and other scenarios, security measures such as client identity authentication are routinely used to identify a valid user. The authentication process is, in effect, a process of determining whether the authentication subject (the client) matches the declared identity (for example, a valid user).
Typically, in some online service systems, clients applying for a particular service are required to reserve some personal information in the database, and an authentication system then designs questions or tests based on that personal information in order to authenticate the clients' identities. A simple example is a website logon page, where a client is required to provide logon information such as a username and password; if the username and password match completely, the authentication system determines that the current client has a valid identity. In a more complex case, the authentication system may ask the client, for example through the web page, to answer one or more security questions about the reserved personal information, such as ID number, family address, telephone number, or name of pet, and authenticate the client's identity based on the degree of match between the answers and the reserved information.
The first limitation of these authentication systems based on reserved information queries lies in their reliability and security. Since such sensitive information and static answers are limited in number and scope, potential criminals may easily steal such information and, by some means, enter correct answers to pose as a valid user. Thus, for web communities, games, and electronic business scenarios that place high demands on reliability and security, such question query systems based on static, limited personal information are inappropriate.
Secondly, a reserved information query-based authentication system lacks the flexibility to intelligently identify a valid user. When the answers entered by a client during the authentication process do not exactly match the reserved information, the authentication system is likely to return a negative authentication result. Even if the client is in fact a valid user, he or she will be rejected because of inexact answers or a wrong answer to any one question. This compels a client to memorize a great quantity of reserved information for various kinds of network authentication, which imposes an additional burden on the client.
Therefore, a new identity authentication mechanism is desired to provide more reliable, more secure, and more flexible identity authentication for various kinds of service application environments.